This plugin aims to improve password security for your site's users by preventing them from using a password that is known to have been compromised.

In order to do this, the plugin makes use of the "Have I Been Pwned" API, operated by noted security researcher Troy Hunt. The service contains an archive of user credentials that have been made public after being hacked, and allows anyone to query the database to find out whether their credentials have been compromised.

For the purposes of validating a new password, the API can be used to determine whether the password being entered has already been compromised. If the requested password already exists in the HaveIBeenPwned database, it should be assumed to be insecure, because many hacking attempts will use existing known credentials when attempting to crack new passwords.

In addition, the API also returns the number of times that the specified password exists in the database. This can also be used to establish the security (or lack thereof) of a given password; if it exists many times in the database, then it is clearly a commonly used password, and thus vulnerable to attack even if it successfully passes the conventional complexity tests.

